AML compliance for small firms – part one: conducting an AML risk assessment

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), which came into effect on 26 June 2017, have posed a challenge for firms of all sizes.

This three-part series looks at the MLR 2017 from the perspective of small firms and provides tips on effective compliance. More detailed information can be found in the legal sector anti-money laundering (AML) guidance.

What type of work is 'regulated'?
Doing an AML risk assessment

What type of work is 'regulated'?

The MLR 2017 apply to firms that:

  • buy and sell real property or business entities
  • manage client money, securities or other assets
  • open or manage bank, savings or securities accounts
  • organise contributions necessary for creating, operating or managing companies
  • create, operate or manage trusts, companies, foundations or similar structures

Activities that have a lower risk of exposure to money laundering are not covered, for example:

  • paying costs to lawyers
  • providing legal advice
  • litigation
  • will writing

If your firm does a mixture of regulated and unregulated work, the MLR 2017 will apply to the regulated aspects only.

Your internal AML risk assessment should state that only some of your work is regulated. But the type and frequency of this work may still lead you to conclude your firm has a high risk of being targeted by criminals.

Doing an AML risk assessment

A key feature of the MLR 2017 is the ‘risk-based approach’ to preventing and detecting money laundering, and the specific requirement to undertake and maintain a documented practice-wide AML risk assessment.

There are no black and white rules that tell you your firm is at high risk of exposure to money laundering activity. The conclusions of your practice-wide risk assessment are a matter of judgment.

Factors that will play a part in setting your risk rating include:

  • the type of work you do
  • the countries in which your work takes place
  • the types of clients you have
  • how often you engage in regulated activities

You should also consider, as a minimum:

The SRA is likely to publish a revised risk assessment of the legal sector in spring 2020. Once this is available, you should review it and consider what updates may be necessary to your practice-wide risk assessment.

Keep a record

Regardless of the size of your practice or the amount of regulated work you do, you need to make sure your practice-wide AML risk assessment is written down.

It’s important to be self-critical when you do your risk assessment – regulators can ask to see it, especially if something goes wrong with compliance at your firm.

You should also keep a record of the sources you use to complete your AML risk assessment.

AML risk assessment reviews

Review your risk assessment regularly, to reflect changes in your circumstances or the sector-wide risk assessments. You should also keep note of when you carry out these reviews.

AML risk assessments at client and matter level

In addition to the practice-wide risk assessment, you need to undertake an AML risk assessment at client level and matter level. This will inform the way in which you conduct your customer due diligence and ongoing monitoring (part 3 of this series of articles).

Your processes for carrying out the client and matter level risk assessment should be set out in your practice-wide risk assessment.

Policies, controls and procedures

Your AML risk assessment should list the steps you take to mitigate the money laundering risk in your work. You should reference your policies, controls and procedures, and state clearly what you do when you identify a high-risk client or matter.

The conclusions of your risk assessment should feature in your policies, controls and procedures (part 2 of this series of articles).


Law Society resources

AML compliance for small firms – part two: policies, controls and procedures

AML compliance for small firms – part three: customer due diligence and red flags

The Legal Sector Affinity Group’s Anti-money laundering guidance

Practice Advice Service and AML Helpline

Anti-money laundering resources

Anti-money laundering toolkit, 2nd edition

Getting your risk assessment in order – more tips on carrying out an AML risk assessment

Additional resources

The Financial Action Task Force website

Guide to detecting and preventing money laundering (PDF 1.5 MB) – published by the International Bar Association, the American Bar Association and the Council of Bars and Law Societies of Europe

SRA risk outlook 2019/20

Firm risk assessments – SRA guidance, including a template, to help you comply with the requirement to have a firm-wide AML risk assessment

The national risk assessment of money laundering and terrorist financing

The EU supranational risk assessment

Maximise your Law Society membership with My LS